On Mon, Mar 07, 2022 at 10:45:05AM -0800, Josh Poimboeuf wrote:
On Mon, Mar 07, 2022 at 12:03:38PM -0600, Alex Thorlton wrote:
Commit 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") changed the order in which altinstructions and paravirt instructions are patched at boot time. However, no analogous change was made in module_finalize, where we apply altinstructions and parainstructions during module load.
As a result, any code that generates "stacked up" altinstructions and parainstructions (i.e. local_irq_save/restore) will produce different results when used in built-in kernel code vs. kernel modules. This also makes it possible to inadvertently replace altinstructions in the booted kernel with their parainstruction counterparts when using livepatch/kpatch.
To fix this, re-order the processing in module_finalize, so that we do things in this order:
- apply_paravirt
- apply_retpolines
- apply_alternatives
- alternatives_smp_module_add
This is the same ordering that is used at boot time in alternative_instructions.
Fixes: 4e6292114c74 ("x86/paravirt: Add new features for paravirt patching") Signed-off-by: Alex Thorlton alex.thorlton@oracle.com Reviewed-by: Boris Ostrovsky boris.ostrovsky@oracle.com
Peter previously posted a fix, buried in his IBT series:
https://urldefense.com/v3/__https://lkml.kernel.org/r/20220303112825.0687739...
It should probably go ahead and be merged now...
Ahh, yep - hadn't seen that one yet! In any case, I'm glad this is on other folk's radar.
Thanks for letting me know, Josh!
- Alex